Downloading 'Jar File' - how safe / unsafe? - Website Technology Issues forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Downloading 'Jar File' - how safe / unsafe?

kapow

11:46 am on Nov 20, 2002 (gmt 0)

Lately I see a lot more websites that display a message like "Downloading Jar File". I don't know much about this, I suppose it is a Jarver Aplet (as different to a Java Script). I read sometime ago that Java can not harm your PC / privacy etc because it is not allowed access to anything but browser stuff.

It looks a bit sinister to me to get the "Downloading Jar File" message on screen. I think "whats that doing that I'm not aware of?"

Can anyone who knows about the possibilities of 'Jar Files' say something about the safety of them?

BlobFisk

11:57 am on Nov 20, 2002 (gmt 0)

JAR files are Java Archives which hold bundled Java class files and other associated resources, for use with applets and Java applications.

From a security point of view, as far as I know, the developer needs to digitally sign the JAR file, so that users who 'recognise' the signature can grant additional security priviledges to the Java application that it normally wouldn't have.

Therefore, if you are not prompted by the application for additional priviledges, it (again, caveat emptor type warning!) most probably isn't trying to do anything malicious due to the inherent securty constraints web based application must adhere to.